First published: Thu Jul 07 2022
<a href="https://access.redhat.com/security/cve/CVE-2022-24807">CVE-2022-24807</a> A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access. <a href="https://github.com/net-snmp/net-snmp/blob/v5.9.2/CHANGES">https://github.com/net-snmp/net-snmp/blob/v5.9.2/CHANGES</a>
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/net-snmp | <5.9.2 | 5.9.2 |
Net-SNMP | <5.9.2 | |
Red Hat Fedora | =36 | |
Debian Linux | =10.0 | |
Debian Linux | =11.0 | |
Red Hat Enterprise Linux | =9.0 | |
Red Hat Enterprise Linux Server EUS | =9.2 | |
Red Hat Enterprise Linux Server EUS | =9.4 | |
Red Hat Enterprise Linux | =9.2_aarch64 | |
Red Hat Enterprise Linux | =9.4_aarch64 | |
Red Hat Enterprise Linux for ARM64 EUS | =9.4_aarch64 | |
Red Hat Enterprise Linux for IBM Z Systems | =9.0 | |
Red Hat Enterprise Linux for IBM Z Systems | =9.2_s390x | |
Red Hat Enterprise Linux for IBM Z Systems | =9.4_s390x | |
Red Hat Enterprise Linux for IBM Z Systems (s390x) | =9.4_s390x | |
Red Hat Enterprise Linux for Power, little endian | =9.0 | |
Red Hat Enterprise Linux for Power, little endian - Extended Update Support | =9.2_ppc64le | |
Red Hat Enterprise Linux for Power, little endian - Extended Update Support | =9.4_ppc64le | |
Red Hat Enterprise Linux Server | =9.2 | |
Red Hat Enterprise Linux Server | =9.4 | |
Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =9.2_ppc64le | |
Red Hat Enterprise Linux Server Update Services for SAP Solutions | =9.2 | |
Red Hat Enterprise Linux for SAP Solutions | =9.4 | |
CVE-2022-24807 is rated as a high-severity vulnerability due to the potential for an out-of-bounds memory access.
To fix CVE-2022-24807, upgrade the net-snmp package to version 5.9.2 or later.
CVE-2022-24807 affects systems using net-snmp versions before 5.9.2, including multiple versions of Red Hat, Debian, and Fedora.
CVE-2022-24807 is a memory corruption vulnerability caused by a malformed OID in SNMP requests.
Versions of net-snmp prior to 5.9.2 are vulnerable to CVE-2022-24807.